Info from the back cover: "Hacking is the art of creative problem solving, whether used to find an unconventional solution to a difficult problem or to exploit holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation that a hacker needs to be successful. Hacking: The Art of Exploitation explains things that every real hacker should know. While many hacking books show you how to run other people's exploits without really explaining the technical details, Hacking: The Art of Exploitation introduces you to the spirit and theory of hacking as well as the science behind it all."

Introduction

I was approached by No Starch, the publisher of this book, as they thought we might be interested in reviewing it for the site. For anyone who doesn't know, No Starch is a small-ish independent publisher that deals with books the big houses won't publish; more info HERE. After reading the synopsis I was, of course, very interested! At first glance it looks like the first book of its kind: a book that really covers string exploits, return-into-libc, shellcode, TCP/IP hijacking, WEP cracking and format string vulnerabilities. These are things I've been looking at a lot lately, trying to increase the depth of my knowledge: return to system(), return to libc, polymorphic shellcode, format strings and off-by-one bugs, amongst others. To get things straight from the start: if you have absolutely no idea what I am talking about here, this is not the book for you.

I have some experience with the areas within this book (programming, networking and cryptography) but, as stated above, they are definitely areas I am still learning about and probably always will be as things evolve (non-executable stacks, for example). Being curious and always wanting to know more, I wanted to see if this book could explain some concepts I was having problems with and perhaps show me some new things.

This book covers a decent amount of ground, with the main focus being programming and exploitation on the Linux platform; the networking and cryptography sections are more tasters, and each is worthy of a book of its own. As mentioned above, this is an advanced book covering very technical topics. It's ideal for someone with a fair grasp of programming concepts and some experience of exploitation (meaning they understand the fundamentals and the theory, but not all of the practical side).

Contents

The book is split into 5 chapters with no overall sections as such, but a lot of subsections within the chapters.

1. Introduction

2. Programming

3. Networking

4. Cryptology

5. Conclusion

The preface explains that this is a very technical book; it targets the x86 architecture and the distribution used was Gentoo. There is a brief contents page followed by a detailed contents page (available HERE), then the short introductory chapter.

The introduction explains what hacking is in the true sense of the word, hacking ethics, hacker vs. cracker, and how hacking began.

As mentioned above, the main bulk of this book is the programming section, which accounts for 128 pages of the book, well over half. The programming section is well segmented, with subsections and sub-subsections covering memory, buffer overflows, stack overflows, heap overflows, format strings, shellcode and return to libc. The essence of the book is to explain the more advanced methods of 'hacking' in a fairly easy to understand form. The techniques discussed throughout are the mainstays of REAL exploitation, and they are written up and explained in a way that makes it clear what is happening. It's like the next step up from the papers you can find at Badc0ded and from things like Aleph One's Smashing the Stack, where you get more confused the more you read. The examples in the book are excellent, and they really allow you to create your own simple programs and then exploit them.

There is a lot of code in the book, set in a fixed-width font, making it easy to read and ensuring it stands out. There is a smattering of diagrams for things like the stack and heap, and no pretty pictures or screengrabs, which is fine as they are not expected in this type of book. The Networking section makes good use of diagrams to explain the OSI model and various other bits like packet headers and TCP/IP connection states. The chapter on networking covers all the basics and then moves on to sniffing and the use of ARP; then there is a good section on TCP/IP hijacking (one of those mythical topics), and it briefly describes all the main types of DoS attack.

The cryptology section opens with an overview of cryptology, cryptography and cryptanalysis, explaining the meaning of each. It then moves on to some of the more complex cryptographic theory, such as one-time pads and quantum key distribution. There is some fairly intense mathematics in this chapter, and even with my decent grounding in crypto I found some of it a little hard to digest. That is to be expected, though, as I believe the author works as a cryptologist.

Style and Detail

The style of this book is very 'hacker-ish': it's quite plainly laid out, there is no colour anywhere and there are very few diagrams. Where there are diagrams they are plain and straightforward, which makes a refreshing change from all the multi-coloured, jazzed-up diagrams we tend to get nowadays. If a diagram explains the concept it is intended to, it's fine by me. It is refreshing to see a book written in this manner; it's clear, concise and easy to read (considering the deeply technical topics it's covering). The author clearly shows (without being cocky about it) that he really knows what he's talking about. To me this is best demonstrated by his ability to make extremely complex concepts understandable.

The book is well structured and each topic follows on well from the previous section, so you can easily skip through to parts that you are unfamiliar with or just read the whole book cover to cover. There are various references to useful security tools such as Dissembler (which generates ASCII-printable polymorphic shellcode), dsniff and Nemesis (a command-line network packet crafting and injection tool). The technical parts of the book are, as expected, extremely detailed, which they need to be to explain the topics this book covers.

Conclusion

Of all the books I've read so far, I would consider this the seminal hacker's handbook. The majority of other security books are pitched at a script-kiddie or management level rather than a technical hacking level (they talk about using other people's tools without explaining exactly how they work, or they talk at a more management-esque, general level). If you are really interested in hacking, penetration testing and real-world security threats, you need to read this book. Even if you are "au fait" with the majority of the topics covered but struggling with some others, I would recommend it, as it will clear up any niggles or areas of confusion you have.

This book won't really date or get old, as it covers fundamental concepts and the real mindset associated with hacking. Also, if you are looking for a book on point-and-click hacking with GUI tools, then don't look here.

If it had a CD, or perhaps even a website to download the code and examples from, I guess I'd shift to 9/10; as it is, this is pretty much an 8.5/10. There are very few things that annoy me more than hand-typing code in from a book!

This is a book I have looked into also and I'll probably order it very soon. I saw about it when it first was announced and I read the example chapter and wasn't that pleased with that one, but when I hear you say it got a lot of code I got happy and realized I need to buy it.

Hacking tends to be a misunderstood topic, and the media likes to sensationalize, which just exacerbates this condition. Changes in terminology have been mostly ineffective — what's needed is a change in mindset. Hackers are just people with innovative spirits and an in-depth knowledge of technology. Hackers aren't necessarily criminals, though as long as crime has the potential to pay, there will always be some criminals who are hackers. There's nothing wrong with the hacker knowledge itself, despite its potential applications.

Like it or not, vulnerabilities exist in the software and networks that the world depends on from day to day. It's simply an inevitable result of profit-oriented software development. As long as money is connected to technology, there will be vulnerabilities in software and criminals in networks. This is usually a bad combination, but the people finding the vulnerabilities in software are not just profit-driven, malicious criminals. These people are hackers, each with their own motives; some are driven by curiosity, others are paid for their work, still others just like the challenge, and several are, in fact, criminals. The majority of these people don't have malicious intent and instead help vendors fix their vulnerable software. Without hackers, the vulnerabilities and holes in software would remain undiscovered.

Some would argue that if there weren't hackers, there would be no reason to fix these undiscovered vulnerabilities. That is one perspective, but personally I prefer progress over stagnation. Hackers play a very important role in the co-evolution of technology. Without hackers, there would be little reason for computer security to improve. Besides, as long as the questions "Why?" and "What if?" are asked, hackers will always exist. A world without hackers would be a world without curiosity and innovation.

I hope this book has explained some basic techniques of hacking and perhaps even the spirit of it. Technology is always changing and expanding, so there will always be new hacks. There will always be new vulnerabilities in software, ambiguities in protocol specifications, and a myriad of other oversights. The knowledge gained from this book is just a starting point. It's up to you to expand upon it by continually figuring out how things work, wondering about the possibilities, and thinking of the things that the developers didn't think of. It's up to you to make the best of these discoveries and apply this knowledge however you see fit. Information itself isn't a crime.

This is a truly excellent book and an excellent review of it. I highly recommend this book. I have read it twice (so far); some of it is a bit fuzzy, but I have a very limited knowledge of programming.
Personally, I will sort out my programming, learn all I can and as I do this the book will never leave my side.

I bought the book and dove into it - excellent read - but what gets me is their use of sudo chown: you can't chown files and make them root in order to obtain root...

I am new to this stuff, so forgive me if I'm wrong, but on my FreeBSD box it didn't work for me - and I like to see things working rather than just reading about them.

Any thoughts?

Well, in order to utilize the kind of vulnerabilities that he demonstrates in the book, you'll need to exploit binaries that are sudo root. The whole point is that you'll need to find vulnerable sudo root binaries already on your system and figure out how to exploit them; the author simply goes about showing the baby steps on how you could possibly do that.

Also, the code examples are written for Linux, not FreeBSD. If you want to make them work on another platform you'll need to make the appropriate changes; most notably, Linux kernel interrupts that change your uid won't work on BSD, and thusly the shellcode given in the book will be useless to you.

Yes, it's still worth it. In fact it was mentioned today on ISC, http://isc.sans.org/diary.php?date=2005-05-25, in the list of "Books for Summer/Winter Vacation/Holiday", which some of the ISC readers recommend that anyone working in infosec should read.

FWIW I agree with most of the books that are on that list and have also read most of them.